Lucene search
K

664 matches found

GithubExploit
GithubExploit
added 2026/05/21 4:27 p.m.83 views

pocx

pocx 一个完善的 yaml poc 引擎,poc 定义在wiki中 使用方法参考 example/main.go...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – fixed a potential memory leak in wilcmacxmit The wilcmacxmit function returns NETDEVTXOK without freeing the skb buffer; devkfreeskb was added to address this issue. This fix has been tested only during compilati...

5.8AI score0.00211EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Fortify: Fixed the compiletimestrlen function under UBSANBOUNDSLOCAL conditions. With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observed a runtime panic when running Android’s Compatibility Test Suite CTS. This iss...

5.3AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: Fixed a memory leak in presterarxtxswitchinit. When presterasdmaswitchinit failed, the memory pointed to by sw-rxtx wasn’t released. This issue has been addressed. The fix has only been compiled, but not...

5.5CVSS5.9AI score0.00165EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: camcc-sc8280xp – fixed the termination of frequency table arrays. The frequency table arrays should be terminated with an empty element. Add such an entry to the end of the arrays where it is missing, in order to avoid...

5.5CVSS5.3AI score0.00193EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in unbound

Unbound versions 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can lead to the execution of shell code after receiving a specially crafted answer. This issue can only be exploited if Unbound was compiled with the --enable-ipsecmod option, and Isecmod is enabled and utilized...

7.3CVSS6.9AI score0.03212EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.11 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.12 views

Compile-Time Security Analysis and Optimization of Sensitive String Producers

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template languages, each face diminishing returns; AI code generation...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/05/13 2:44 p.m.37 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS0.00431EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:44 p.m.7 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/11 4:23 p.m.9 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

RHEL 9 : golang (RHSA-2026:16021)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16021 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow...

9.8CVSS5.9AI score0.00658EPSS
Exploits0References14
OSV
OSV
added 2026/05/06 12:0 p.m.18 views

RLSA-2026:10704 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key upda...

9CVSS7.4AI score0.00658EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/05/06 12:0 p.m.14 views

go-toolset:rhel8 security update

An update is available for module.delve, module.golang, delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming...

9.8CVSS5.9AI score0.00658EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/27 2:21 a.m.5 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/24 2:41 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the compilePipeline process. An attacker can execute arbitrary shell commands during the build process by supplying a crafted configuration file that sets pipeline.uses to a value containing directory traversal...

6.9CVSS6.4AI score0.0014EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/23 9:39 p.m.5 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/08 5:18 p.m.3 views

CVE-2026-27143

A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially...

9.8CVSS5.9AI score0.00536EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/08 1:6 a.m.3 views

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption...

5.9AI score0.00536EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 1:6 a.m.22 views

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption...

0.00536EPSS
Exploits0References4
Rows per page
Query Builder